On Jan 20, 2004, at 4:50 AM, Simon Brown wrote:
Wow. Very interesting. Will have to spend some time playing around with this.
Wondering about the security aspects of this though. Could a carefully designed stack with this feature be safe? Would the data have to be locked (static) only?
Simon.
Simon,
there are some security flaws by design... You can access any stack, you can send any message to any stack available... this is sure a flaw, or a opportunity. While running in a standalone there's not much harm one can do this way, but in the IDE the revIDE stacks are available... that's bad...
Also with INFORM you can write data and read data from anystack... but it was designed that way. The best way to address security is to create custom properties for blessed stacks and blessed messages, this way one can use only that, but that proved to be a huge drawback in the framework.
When I release the code this week, you'll see that the engine is pretty simple, and adding more robust security to it can be done... I've got a internal version with a frontscript that does that for me... but that won't be released, it's alpha.
Cheers Andre
Andre Alves Garzia 2003 BRAZIL http://www.soapdog.org
_______________________________________________ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
